Majkel7
(Majkelstb)
16 February 2007 14:48
#1
For some time now my computer has been slowing down a bit, but it was bearable. Today, though, it's really bad :? Everything runs muuuch slower. I have to admit I'm not very knowledgeable myself, so I'd be very grateful for any help
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\soundman.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\D-Tools\daemon.exe C:\WINDOWS\system32\winlr1.exe C:\WINDOWS\system32\kksvchost.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe 
C:\WINDOWS\System32\svchost.exe C:\iPod\bin\iPodService.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Documents and Settings\Michał\Pulpit\Nowy folder (2)\Netsoccer\netsoccer.exe D:\firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Michał\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install 
O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [soundMan] soundman.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [iTunesHelper] “C:\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [AVPDWIN] “C:\Program Files\Panda Software\Panda Demo\pandasft.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE” /s O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [AltnetDownloadManager] C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe -Embedding O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 
- HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.kaliber.com.pl/CFIDE/classes/CFJava.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab O17 - 
HKLM\System\CCS\Services\Tcpip…{E858A651-8292-48D4-A4D8-792E3A673052}: NameServer = 194.204.152.34 217.98.63.164 O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - 
Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe
MarioC
(Mario C)
16 February 2007 15:05
#2
Post the full log with the header and don't cut it off; also post a log from SilentRunner
Majkel7
(Majkelstb)
16 February 2007 15:10
#3
Full log. I'm sorry, but I don't have SilentRunner; in fact I don't even know what it is.
Logfile of HijackThis v1.99.1 Scan saved at 23:34:21, on 2007-02-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\soundman.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\D-Tools\daemon.exe C:\WINDOWS\system32\winlr1.exe C:\WINDOWS\system32\kksvchost.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe C:\Program 
Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\iPod\bin\iPodService.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Documents and Settings\Michał\Pulpit\Nowy folder (2)\Netsoccer\netsoccer.exe D:\firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Michał\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: 
&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [soundMan] soundman.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [iTunesHelper] “C:\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [AVPDWIN] “C:\Program Files\Panda Software\Panda Demo\pandasft.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE” /s O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [AltnetDownloadManager] 
C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe -Embedding O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.kaliber.com.pl/CFIDE/classes/CFJava.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - 
http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab O17 - HKLM\System\CCS\Services\Tcpip…{E858A651-8292-48D4-A4D8-792E3A673052}: NameServer = 194.204.152.34 217.98.63.164 O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe O23 - Service: 
Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe
adam9870
(adam9870)
16 February 2007 15:18
#4
Use Windows Worms Doors Cleaner and change the markers from disable to enable (all markers should be green; if any of them is yellow, leave it). A restart is required after using the tool.
Start => Run => type cmd and click OK => in the console that opens, type:
Use the SmitFraudFix tool (choose option 2). Then check which of the items I pointed out below are present and delete them: (of course you do all of this in safe mode with System Restore turned off)
F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\WO4 - HKLM…\RunServices: [msvcc25] svcchost.exeeb Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: 
http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe
You delete the marked files and folders manually from the disk, and the entries in HijackThis.
Scan with http://www.kaspersky.pl/virusscanner.html
When done, post a new log from HijackThis, SilentRunners, and the contents of the file c:\rapport.txt
I have a question: what do you need the Silent log for right now? It's a rhetorical question - you don't have to answer it.
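Added example (not part of the thread and not HijackThis's own code): the logs above were pasted with their entries run together, so this Python code splits such text back into entries by section code and attaches a few review hints. The function names and hint rules are assumptions chosen for illustration; the sample is a handful of entries copied from the log in this thread and re-wrapped.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". The lookbehind requires whitespace (or start of text)
# before the code, so a code glued into the middle of a path is not a boundary.
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O(?:1\d|2[0-4]|[1-9])) - ")


def split_entries(raw):
    """Split flattened or re-wrapped log text into (section, body) pairs."""
    text = " ".join(raw.split())  # undo arbitrary line wrapping
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        entries.append((match.group(1), text[match.end():end].strip()))
    return entries


def flags_for(section, body):
    """Return review hints for one entry (illustrative rules, not verdicts)."""
    flags = []
    low = body.lower()
    if "(file missing)" in low:
        flags.append("target file missing")
    if section == "O23" and " - unknown owner - " in low:
        flags.append("service without vendor information")
    if section == "O15":
        flags.append("Trusted Zone addition")
    if section == "O20":
        flags.append("AppInit_DLLs is set")
    if section == "F2" and "=" in body:
        key, _, value = body.partition("=")
        name = key.rsplit(" ", 1)[-1].lower()  # "shell" or "userinit"
        if name == "shell" and value.strip().lower() != "explorer.exe":
            flags.append("Shell starts more than explorer.exe")
        if name == "userinit":
            programs = [p for p in value.split(",") if p.strip()]
            if len(programs) > 1:
                flags.append("UserInit chains an extra program")
    return flags


def triage(raw):
    """Return (section, body, flags) for every entry that got a hint."""
    result = []
    for section, body in split_entries(raw):
        flags = flags_for(section, body)
        if flags:
            result.append((section, body, flags))
    return result


# Entries copied from the log in this thread; the wrapping (including the
# break after "O4") is constructed to mimic how the page was pasted.
SAMPLE = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ "
    r"F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe "
    r"O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - "
    r"C:\WINDOWS\System32\ndbm.dll (file missing) O4" + "\n"
    r"- Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe "
    r"O15 - Trusted Zone: *.blazefind.com "
    r"O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll "
    r"O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - "
    r"C:\WINDOWS\System32\nvsvc32.exe "
    r"O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing)"
)

if __name__ == "__main__":
    for section, body, flags in triage(SAMPLE):
        print(f"{section:>3}  {'; '.join(flags)}\n     {body}")
```

An entry without a hint is not cleared by these rules: the list in the post above also contains O4 autostart entries that none of them match, so the output only narrows where to look first.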
Majkel7
(Majkelstb)
17 February 2007 12:38
#5
As I wrote above, I'm not very computer-savvy, so I have a few questions about adam's advice
“Use Windows Worms Doors Cleaner and change the markers from disable to enable (all markers should be green; if any of them is yellow, leave it)” - when I started it, all the markers were green/yellow, but everywhere it said disabled ;) When I clicked enable, they turned red. So what should I do in the end?
"Use the SmitFraudFix tool (choose option 2). Then check which of the items I pointed out below are present and delete them: (of course you do all of this in safe mode with System Restore turned off)
Quote:" - How do I run this program in safe mode? I've never done anything in safe mode Confused
“You delete the marked files and folders manually from the disk, and the entries in HijackThis.”
Should I delete these files and folders first with SmitFraudFix and then manually, or only manually?
“and the entries in HijackThis” - I don't understand this sentence, what am I supposed to do?
If someone could clear up my doubts I'd be grateful (for the second time already :mrgreen: )
adam9870
(adam9870)
17 February 2007 12:54
#6
Since you're a beginner, we'll do this a bit differently.
After downloading Windows Worms Doors Cleaner, when you see red markers, click such a marker once with the left mouse button and that's it. Do the same with every red marker, then close the program. You will be asked whether you want to restart the computer. Agree to that, and after the reboot the markers should have changed to green.
Open Notepad and paste this into it:
File >>> Save as >>> change the extension from TXT to All files >>> save under the name FIX.BAT
Download and unpack SmitFraudFix:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Right-click the downloaded file and choose an option along the lines of Extract
Start the system in safe mode
Double-click the FIX.BAT file. The screen will flash for a moment
Run the SmitFraudFix.cmd file and choose option 2.
http://forum.dobreprogramy.pl/viewtopic … 329#539329
Run HijackThis => click Do a system scan only => a list of entries will appear => tick the following entries:
F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\WO4 - HKLM…\RunServices: [msvcc25] svcchost.exeeb Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: 
http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe
=> click Fix checked and confirm the removal.
JNJN
(JNJN)
17 February 2007 14:18
#7
Please change the post's subject to something specific and use Polish characters; use the edit option and correct it. JNJN
Majkel7
(Majkelstb)
18 February 2007 15:29
#8
Eh, I downloaded and pasted everything, there's just one problem. I can't start safe mode… I tried both F5 and F8… Does anyone know how I can start this damn mode? :-x
adam9870
(adam9870)
18 February 2007 15:44
#9
Ehh… in that case we'll do it yet another way.
Download Gmer.
You'll now carry out the steps in Gmer, so start it, wait a moment, and click the >>> tab to open the remaining ones.
In the Services (Usługi) tab, right-click and delete the following services: hwclock, l6, mnew1win, mnew4win, MSDisk, Win32Kernel, winmattm
In the CMD tab, with the CMD.EXE option selected, paste:
In the Processes (Procesy) tab choose Kill all (Zabij wszystko). Now wait patiently until the desktop etc. disappears - only the Gmer window will remain.
Go back to the CMD tab and click Run (Uruchom)
In the Processes (Procesy) tab, use the three dots ( … ) to point to HijackThis and delete the following entries in it:
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing)
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing)
O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe
O4 - HKLM…\Run: [winsystems25] winsystems.exe
O4 - HKLM…\Run: [winystems25] winystems.exe
O4 - HKLM…\Run: [mysvcig38] mysvcc.exe
O4 - HKLM…\Run: [msvcc25] svcchost.exe
O4 - HKLM…\RunServices: [winsystems25] winsystems.exe
O4 - HKLM…\RunServices: [winystems25] winystems.exe
O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM…\RunServices: [msvcc25] svcchost.exe
O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe
O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe
O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe
O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe
O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe
O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe
O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe
O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe
O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe
O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: http://*.iframeprofit.com/
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: http://*.mycounter.biz/
O15 - Trusted Zone: http://*.our-counter.com/
O15 - Trusted Zone: http://*.porno-search.biz/porn/
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing)
O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing)
O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe
Now reboot, scan with http://kaspersky.pl/virusscanner.html, and post a new HijackThis log plus one from SilentRunners.
Majkel7
(Majkelstb)
19 February 2007 21:43
#10
Logfile of HijackThis v1.99.1
Scan saved at 22:46:04, on 2007-02-19
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\soundman.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\D-Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\iPod\bin\iPodService.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\firefox\firefox.exe
C:\Gadu-Gadu7\gg.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Michał\Pulpit\Nowy folder (2)\Netsoccer\netsoccer.exe
C:\Documents and Settings\Michał\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM…\Run: [soundMan] soundman.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [autoclk] autoclk.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [adiras] adiras.exe
O4 - HKLM…\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda Demo\pandasft.exe"
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM…\Run: [DAEMON Tools-1033] "C:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM…\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU…\Run: [AltnetDownloadManager] C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe -Embedding
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.kaliber.com.pl/CFIDE/classes/CFJava.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_29.cab
O17 - HKLM\System\CCS\Services\Tcpip…{E858A651-8292-48D4-A4D8-792E3A673052}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
I waited an hour for the Silent Runners log, but it never finished (I mean the extended log). If the log is essential, I'll try to produce it tomorrow.
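Checking a follow-up log against the earlier fix list, as an added example that is not part of any post in this thread: the script below reports which entries marked for removal are still present in the new HijackThis log. The sample lines are a short excerpt of entries from the thread's fix list and follow-up log; the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code: "R0", "F2", "O4", "O23", ...
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - \S")
# Forum software often turns straight quotes into typographic ones.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})
MISSING = " (file missing)"


def entry_key(line):
    """Normalize one log line so the same entry compares equal across logs."""
    key = re.sub(r"\s+", " ", line.translate(QUOTES)).strip().lower()
    # The same entry may gain or lose this suffix between two scans.
    if key.endswith(MISSING):
        key = key[: -len(MISSING)]
    return key


def parse_entries(text):
    """Map normalized key -> original line for every entry line in a log."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):  # skips the header and the process list
            entries[entry_key(line)] = line
    return entries


def compare(fix_list, follow_up_log):
    """Split the fix list into entries gone from, and still in, the new log."""
    after = parse_entries(follow_up_log)
    gone, persisted = [], []
    for key, line in parse_entries(fix_list).items():
        (persisted if key in after else gone).append(line)
    return gone, persisted


# Excerpt of the fix list from the thread (Shell entry written as it appears
# in the follow-up log).
FIX_LIST = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll
O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe
'''

# Excerpt of the follow-up log from the thread, with the forum's curly quotes.
FOLLOW_UP = r'''
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe”
O4 - HKLM…\Run: [soundMan] soundman.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
'''

if __name__ == "__main__":
    gone, persisted = compare(FIX_LIST, FOLLOW_UP)
    print(f"{len(gone)} entries gone, {len(persisted)} still present:")
    for line in persisted:
        print("  " + line)
```

On this excerpt only the F2 Shell entry is reported as still present, which is the launch point the later .reg file in the thread resets.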
kennex
(kennex)
20 February 2007 16:15
#11
Remove the viruses shown in bold.
In that case, post a ComboFix log.
Majkel7
(Majkelstb)
20 February 2007 17:33
#12
Heh, as it happens I already have the Silent Runners log. Waiting for further instructions.
@kennex - no offense, but since adam is already guiding me, I'd rather not mix his instructions with yours.
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “AltnetDownloadManager” = “C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe -Embedding” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE NvQTwk,NvCplDaemon initialize” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “Share-to-Web Namespace Daemon” = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [“Hewlett-Packard”] “HP Software Update” = “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Development Company, L.P.”] “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe” [“HP”] “DeviceDiscovery” = “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”] “SoundMan” = “soundman.exe” [“Avance Logic, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “autoclk” = “autoclk.exe” [file not found] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “adiras” = “adiras.exe” [file not found] “iTunesHelper” = ““C:\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “AVPDWIN” = ““C:\Program Files\Panda Software\Panda Demo\pandasft.exe”” [file not found] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “DAEMON Tools-1033” = ““C:\D-Tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE” /s” [“Panda Software 
International”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów” -> {HKLM…CLSID} = “Eksplorator pulpitów” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{A4DF5659-0801-4A60-9607-1C48695EFDA9}” = “Folder przesyłania Share-to-Web” -> {HKLM…CLSID} = “Folder przesyłania Share-to-Web” \InProcServer32(Default) = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL” [“Hewlett-Packard”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = 
“C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.5 Context Menu Shell Extension” -> {HKLM…CLSID} = “WinAceContext Menu Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] “{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.5 DragDrop Shell Extension” -> {HKLM…CLSID} = “WinAceDrag-Drop Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.5 Context Menu Shell Extension” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] “{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.5 Property Sheet Shell Extension” -> {HKLM…CLSID} = “WinAceProperty Sheet Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] “{B8323370-FF27-11D2-97B6-204C4F4F5020}” = “SmartFTP Shell Extension DLL” -> {HKLM…CLSID} = “SmartFTP Shell Extension DLL” \InProcServer32(Default) = “C:\Program Files\SmartFTP\smarthook.dll” [“SmartFTP”] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Documents and Settings\Michał\Pulpit\WinRAR\rarext.dll” [null data] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\Alcohol\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ShellTit.DLL” [“Panda Software International”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <> “Shell” = “explorer.exe “C:\Program Files\Common 
Files\Microsoft Shared\Web Folders\ibm00011.exe”” [MS], [file not found], [file not found], [file not found], [file not found], [file not found] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“PFDNNT C:\Program Files\Kazaa\TopSearch.dll” [file not found]|“PFDNNT C:\Program Files\kazaa\TopSearch.dll” [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ShellTit.DLL” [“Panda Software International”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Documents and Settings\Michał\Pulpit\WinRAR\rarext.dll” [null data] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Documents and Settings\Michał\Pulpit\WinRAR\rarext.dll” [null data] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ShellTit.DLL” [“Panda Software International”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Documents and Settings\Michał\Pulpit\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: 
----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\pejzaz.scr” [“Midnight Blue Software, Inc.”] Startup items in “Michał” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Development Company, L.P.”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “WebReg Deskjet D2300 series” -> launches: “C:\Program 
Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe “Deskjet D2300 series”” [“Hewlett-Packard Development Company, L.P.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavlsp.dll ["Panda Software "], 01 - 03, 21 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = “My Search Bar Quick View” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [MS] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ 
[horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Autodata Limited License Service, Autodata Limited License Service, ““C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe”” [null data] iPodService, iPodService, “C:\iPod\bin\iPodService.exe” [“Apple Computer, Inc.”] NVIDIA Driver Helper Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe”” [“Panda Software”] Panda Firewall Service, PAVFIRES, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe”” [“Panda Software”] Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe”” [“Panda Software”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe”” [“Panda Software Internacional”] Panda Pavkre, Pavkre, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe”” [“Panda Software”] Panda PavProt, PavProt, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe”” [“Panda Software”] Panda Preventium+ Service, PREVSRV, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe”” [“Panda Software”] Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”] StarWind iSCSI Service, StarWindService, “C:\Alcohol\Alcohol 
120\StarWind\StarWindService.exe” [“Rocket Division Software”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = “hpzsnt08.dll” [“HP”] LIDIL Language Monitor\Driver = “hpzll463.dll” [“Hewlett-Packard Company”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 2178 seconds, including 10 seconds for message boxes)
kennex
(kennex)
20 February 2007 17:54
#13
Paste into Notepad:
Windows Registry Editor Version 5.00

; Remove the AltnetDownloadManager autostart value
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AltnetDownloadManager"=-

; Set the Winlogon shell to Explorer.exe only
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

; Set BootExecute to the single string "autocheck autochk *"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
Save it with the .reg extension and merge it.
EDIT: You can delete the folder C:\Program Files\Altnet; the folder by itself does nothing, but it is often full of junk. Spybot removes it.
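Reading a .reg file before merging it, as an added example that is not part of the post above: the script parses REGEDIT5 text, decodes the hex(7) (REG_MULTI_SZ) data, and compares the Winlogon Shell and BootExecute values with the values the .reg file in this thread sets. The "before" state is constructed from the Silent Runners log in the thread; the function names and the EXPECTED table are this example's own.

```python
import re

# Values the .reg file in the thread restores at two launch points
# (keys and value names are lower-cased for lookup).
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SESSMGR = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
EXPECTED = {
    (WINLOGON.lower(), "shell"): "explorer.exe",
    (SESSMGR.lower(), "bootexecute"): ["autocheck autochk *"],
}


def encode_multi_sz(strings):
    """Encode a list of strings as .reg hex(7) data (UTF-16LE, double NUL end)."""
    raw = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def decode_data(data):
    """Decode the right-hand side of a .reg value line."""
    if data == "-":
        return None  # "name"=- deletes the value when the file is merged
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # REG_SZ: undo \\ and \"
    m = re.match(r"hex\(7\):(.*)$", data)
    if m:  # REG_MULTI_SZ: NUL-separated UTF-16LE strings
        raw = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return [s for s in raw.decode("utf-16-le").split("\x00") if s]
    raise ValueError(f"unsupported data: {data[:40]!r}")


def parse_reg(text):
    """Parse REGEDIT5 text into {(key, value_name): data}, both lower-cased."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or key is None:
            raise ValueError(f"unparsed line: {line!r}")
        values[(key, m.group(1).lower())] = decode_data(m.group(2))
    return values


def audit(values):
    """Return (value_name, unexpected_data) for launch points off EXPECTED."""
    findings = []
    for where, expected in EXPECTED.items():
        actual = values.get(where)
        if isinstance(expected, list):
            known = [e.lower() for e in expected]
            extra = [s for s in (actual or []) if s.lower() not in known]
            if extra:
                findings.append((where[1], extra))
        elif actual is not None and actual.lower() != expected:
            findings.append((where[1], actual))
    return findings


# The .reg file from the thread.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AltnetDownloadManager"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

# State before the fix, rebuilt from the Silent Runners log in the thread
# (constructed for this example, not an export from the machine).
BEFORE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + WINLOGON + "]",
    r'"Shell"="explorer.exe \"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00011.exe\""',
    "[" + SESSMGR + "]",
    '"BootExecute"=' + encode_multi_sz(
        ["autocheck autochk *", r"PFDNNT C:\Program Files\Kazaa\TopSearch.dll"]),
])

if __name__ == "__main__":
    print("before:", audit(parse_reg(BEFORE_REG)))
    print("fix file:", audit(parse_reg(FIX_REG)))
```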
kennex
(kennex)
20 February 2007 19:05
#15
If the files are gone, then it's OK now.